Microsoft's tablet OS can be fooled into running full-blown Windows 8 and legacy applications, hacker reveals.
Top 10 Tech Fails Of 2012
(click image for larger view and for slideshow)
A hacker has developed a "deep in the kernel" workaround that lets users run full-blown Windows applications on tablets and hybrids that use Windows RT -- a trimmed down version of Windows 8 that's only meant to run mobile apps downloaded from Microsoft's Windows Store or those preinstalled by Redmond.
In a blog post, the hacker -- who uses the name clrokr -- disclosed the exploit. "It's taken longer than expected but it has finally happened: Unsigned desktop applications run on Windows RT," clrokr wrote.
Windows RT devices were released on Oct. 26 of last year, alongside Windows 8. The devices all run processors based on the ARM mobile reference design, which until now, rendered them incompatible with regular Windows applications. ASUS, Lenovo and other vendors have all shipped Windows RT tablets, as has Microsoft itself with Surface RT.
Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. "Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible," wrote the hacker.
"MSFT's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It's a clean port, and a good one," said clrokr.
Windows 8 and Windows RT systems come with a security feature called Secure Boot, which ensures that applications are authorized to run before they are launched. Secure Boot is more permissive on Windows 8, while on Windows RT it's configured so devices that use the OS can only run apps authorized by Microsoft.
clrokr said that a hack (which would be well beyond the capabilities of most users) essentially tricks Windows RT systems into running applications they aren't supposed to launch. "Finding this byte in the kernel takes awhile, there is no exported symbol for it and not even in the symbol database at MSFT," wrote clrokr. "I found it using WinDbg [Windows Debugger] and a machine running Windows 8 Pro."
clrokr admitted that the hack is not for the faint of heart, and that it carries some risks. At times it can trigger a Windows bug check, and the method "is not practical for most users, especially because tablet buyers are less likely to know enough about computers to do this than PC users."
In a statement, Microsoft said it does not consider the hack to be a major security threat because it is beyond the reach of most users, but added that it may take steps to eliminate it in future updates to Windows RT.
Tech spending is looking up, but IT must focus more on customers and less on internal systems. Also in the all-digital Outlook 2013 issue of InformationWeek: Five painless rules for encryption. (Free registration required.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.